At 07:39 AM 8/17/00 +0800, Enzo Michelangeli wrote:
>My question was about the legal meaning, or, better, prevalent legal
>interpretation, of "signature-only key". ...
>This is not a purely academic issue. For example, in Hong Kong the import of
>cryptographic devices is exempted from import licensing (not a big hurdle,
>but an annoying bureaucratic procedure nevertheless) if they are "only used
>for authentication or digital signature":
Ah. The certificate structure - keys, software, smartcards, data, etc.
can all work fine as signature-only, so it sounds like it'll pass your
import license issues. On the other hand, the Diffie-Hellman key exchange
itself,
and the symmetric-key application that uses the key generated by DH,
aren't signature-only systems - they're clearly for doing encryption.
So you'll need to keep track of which pieces are integrated and which
are separate.
Do your import restrictions apply to intangibles like downloading software
in the net? Some places only restrict import/export of physical objects.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
